Another "fight your evil admin" article... So you have an SSH account? And an evil admin who restricts internet access, with no free web/IRC/ICQ/MSN/whatever? Good! You need an HTTP proxy server (a public one, but I think each ISP provides one). End of story. What else? Ah, you need an SSH client like Plink (I assume you use Windows) or PuTTY. We use Plink in this example.

So now enter the following command:

> plink.exe -v -pw SSH-PASSWORD SSH-USER@SSH-HOST -L LOCALPORT:PROXYSERVER:PROXYPORT

For example, your SSH server is publicssh.org, and the proxy runs on publicproxy.com:8000:

> plink.exe -v -pw password user@publicssh.org -L 1234:publicproxy.com:8000

This creates an SSH tunnel from your workstation via the SSH server to the HTTP proxy:

[LOCALHOST:1234]–[publicssh.org]–[publicproxy.com:8000]

Now enter an HTTP proxy in your web browser (127.0.0.1 port 1234) and you're done... If you need an SSH server, visit http://www.rootshell.be; they provide free SSH accounts. Or check this site: http://www.ductape.net/~mitja/freeunix.shtml

For public HTTP proxies, google around... ("public http proxy")

You probably cannot access your SSH server on the default SSH port, because it might be blocked (rootshell.be provides an SSH server on port 443). In this case you need to use the "-P PORTNR" option.

Other interesting options with plink:

-D [listen-IP:]listen-port
    Dynamic SOCKS-based port forwarding
-L [listen-IP:]listen-port:host:port
    Forward local port to remote address
-R [listen-IP:]listen-port:host:port
    Forward remote port to local address
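
The three options above share the same [listen-IP:]listen-port prefix, and the difference between them is which side listens and which side connects onward. The following Python sketch is an added example, not part of the original article or of plink: it decodes a forwarding spec into those two facts. The function name parse_forward and the treatment of an omitted listen-IP as 127.0.0.1 are assumptions; IPv6 literals are not handled.

```python
# Added example (not from the original article): decode the argument of
# plink/ssh -L, -R or -D, i.e. [listen-IP:]listen-port[:host:port].
# Assumption: an omitted listen-IP means the listener binds to 127.0.0.1.

def _port(text):
    port = int(text)  # raises ValueError on non-numeric input
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %d" % port)
    return port

def parse_forward(option, spec):
    """Return a dict describing one port-forwarding spec."""
    if option not in ("-L", "-R", "-D"):
        raise ValueError("unsupported option: %r" % option)
    parts = spec.split(":")
    # -D takes only the listener; -L and -R also name host:port.
    shortest = 1 if option == "-D" else 3
    if len(parts) not in (shortest, shortest + 1):
        raise ValueError("malformed %s spec: %r" % (option, spec))
    # One extra leading field means an explicit listen-IP was given.
    listen_ip = parts.pop(0) if len(parts) == shortest + 1 else "127.0.0.1"
    info = {
        "option": option,
        # -R opens the listening socket on the SSH server, -L/-D on the client.
        "listener_side": "ssh server" if option == "-R" else "client",
        "listen_ip": listen_ip,
        "listen_port": _port(parts[0]),
        # A non-loopback listener is reachable by other hosts on that network.
        "loopback_only": listen_ip in ("127.0.0.1", "localhost"),
    }
    if option == "-D":
        info["target"] = "SOCKS, chosen per connection"
    else:
        info["target"] = "%s:%d" % (parts[1], _port(parts[2]))
        # The far end of the tunnel makes the outgoing connection.
        info["target_opened_by"] = "client" if option == "-R" else "ssh server"
    return info

if __name__ == "__main__":
    # Specs taken from the article, plus one constructed non-loopback case.
    for opt, spec in [("-L", "1234:publicproxy.com:8000"),
                      ("-L", "12344:192.168.1.100:3389"),
                      ("-D", "0.0.0.0:1080")]:  # constructed
        print(opt, spec, parse_forward(opt, spec))
```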

Of course you can also use PuTTY as SSH tunneling software:

Enter the "normal" connection settings (hostname and port) and click on the "Tunnels" section. Now enter your details; an example is shown above. You can of course enter multiple tunnels here, for example for a mail server (POP and SMTP).

Btw: You can even use HTTP proxies when you use PuTTY, so you should be able to use an SSH tunnel from almost everywhere!

Another good example would be forwarding a local port to the destination port 3389 (Remote Desktop). In PuTTY this would look like this:

L12344 192.168.1.100:3389 (Forward 127.0.0.1:12344 -> Internet -> YOUR_SSH_SERVER -> 192.168.1.100:3389).

Once you have established the SSH connection, use mstsc.exe to connect to 127.0.0.1:12344.

Another possibility is to forward a port on a public server to your server/workstation (with the -R / Remote option)... just another idea, you're welcome to contribute!

Check out SSH tunneling article no. 2 for a SOCKS tutorial (using PuTTY and GAIM).

Edit June 2006:
A Linux example: create an SSH tunnel and forward the local ports 2225 (SMTP) and 22143 (IMAP) to the Exchange server, so you can access your Exchange mailbox over SSH:

# ssh -L 2225:MAILSERVER:25 -L 22143:MAILSERVER:143 -o TCPKeepAlive=yes -l root -p SSHPORT SSHSERVER